CGI and Perl

A Few Words About Security

Security is a great concern to your customers when they are asked to transmit their credit card numbers across an insecure protocol to an unknown target. You can deal with this concern in several ways. The first addresses the issue of the insecure protocol. HTTP by definition is an insecure protocol; however, Netscape has introduced the Secure Sockets Layer, which allows data to be encrypted before it is sent over the wire. If you have a commerce server that supports this protocol, you can inform MiniVend by using the SecureURL variable in the minivend.cfg file.

Another issue with credit card numbers is that form information is generally stored to disk unbeknownst to the user. MiniVend adds additional security by checking forms for field names that have the string credit_card in their names and, if so, encrypts the value before storing the information to disk.

To find out more about the security features of MiniVend, again refer to the MiniVend documentation. To learn more about security as it pertains to the World Wide Web in general, you should review Chapter 3.

Summary

There is a lot more to the MiniVend package than I can write about in a single chapter. If you are interested in setting up a Web-based shopping center, I highly recommend using the MiniVend package. I would also suggest reading through the documentation that comes with the latest version of the package. You may also want to read up on how to address the security issues as they may concern your shoppers. Web shopping is becoming quite popular, and thanks to the work of Andrew Wilcox and Mike Heins, setting up a Web store can be much easier than it otherwise would be.

Archive and Document Management

  • General Archive Management Considerations
  • HTML with Perl

The typical Webmaster is often challenged by tasks other than creating HTML or writing CGI programs. He or she also must be familiar with many other techniques and practices that are commonly used to build and maintain a networked archive and its components. In this chapter, we'll discuss a number of those tasks and provide you with some tools to help accomplish them.

General Archive Management Considerations

The art and philosophy of archive management on a network predates the Web by a long time. One of the primary intents of the Internet was, and still is, to allow the sharing of documents. Some of the early protocols and tools for sharing electronic resources are still in wide use today, including FTP, NFS, and even Gopher.

When making resources available via any type of server, you need to consider a number of tactics and practices. Some of these are related to security and are explored in Chapter 3, "Security on the Web." There are many others, and as far as I know, a document which covers them all does not exist. The collective experience of the many thousands of administrators who have contributed to and defined this body of knowledge would be difficult to summarize in a library.

There are, however, a number of general issues that you become aware of as you develop an archive and explore the work that others have done. I hope to cover many of the important issues and their associated tasks in this chapter. Again, and as always, you can explore other resources, including Usenet, various Web sites, and possibly even individual administrators who you feel have done things the way you believe might work for you. I suggest that if you find such a site, you might try dropping a line to the administrator, asking him or her to share a few tips. Of course, you may be completely ignored, but you may also be rewarded with a buried bone or two, which might save you time and energy in the future.

You'll notice in this chapter that Perl isn't the primary topic on every page. As we've said, the intent of this tutorial is to show and teach you how to use Perl in your Web programming duties and tasks. On the other hand, in other works we've studied, the coverage of the issues and topics in this chapter seems to be rather minimal. I'm covering some of the topics in this chapter primar-
ily for the sake of completeness.